Verifying signature with JWSDP-2.0 and .NET WSE 2.0
Hi,
I'm writing a Java client (jdk1.5.0_05) application to talk to a .NET WSE 2.0 web service and running into a problem with verifying the signature on the response message. The Java client is based on the api-sample shipped with jwsdp-2.0. X.509 certificates are being used for encryption and signing. The request sent by the Java client is understood (successfully verified and decrypted) by the .NET web service. However, when the client tries to verify the response, it throws the "Number of Signature Targets in the message dont match number of Targets in receiver requirements" error. What am I doing wrong? The code fragment, the server config file, and the exception stack are attached. Any help is greatly appreciated.
Code fragment for verifying the signature in the response:
String soapString = <get the response from the .NET web service>
MessageFactory msgFactory = MessageFactory.newInstance();
SOAPMessage soapresponse = msgFactory.createMessage(null, new ByteArrayInputStream(soapString.getBytes()));
ProcessingContext context = new ProcessingContext();
context.setSOAPMessage(soapresponse);
SOAPMessage verifiedMsg = sprocessor.verifyInboundMessag(context); // <== exception!
Server config file:
<xwss:SecurityConfiguration dumpMessages="true"
xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" >
<xwss:Sign>
<xwss:X509Token certificateAlias="serverpublickey"/>
<xwss:SignatureTarget type="xpath"
value="/soap:Envelope/soap:Header/wsa:Action"/>
<xwss:SignatureTarget type="xpath"
value="/soap:Envelope/soap:Header/wsa:MessageID"/>
<xwss:SignatureTarget type="xpath"
value="/soap:Envelope/soap:Header/wsa:RelatesTo"/>
<xwss:SignatureTarget type="xpath"
value="/soap:Envelope/soap:Header/wsa:To"/>
<xwss:SignatureTarget type="xpath"
value="/soap:Envelope/soap:Header/wsse:Security/wsu:Timestamp"/>
<xwss:SignatureTarget type="xpath" value="/soap:Envelope/soap:Body"/>
</xwss:Sign>
<xwss:RequireEncryption/>
<xwss:RequireSignature/>
</xwss:SecurityConfiguration>
Exception:
java] SecurityEnvironmentHandler.java: CertificateValidationCallback
java] Exception in thread "main" com.sun.xml.wss.XWSSecurityException:
com.sun.xml.wss.XWSSecurityException: Number of Signature Targets in the message dont match number of Targets in receiver requirements
java]at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:134)
java]at com.sun.wss.sample.Client.main(Client.java:256)
java] Caused by: com.sun.xml.wss.XWSSecurityException: Number of
Signature Targets in the message dont match number of Targets in
receiver requirements
java]at com.sun.xml.wss.impl.dsig.SignatureProcessor.verifyRequirements(SignatureProcessor.java:582)
java]at com.sun.xml.wss.impl.dsig.SignatureProcessor.verify(SignatureProcessor.java:441)
java]at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:344)
java]at com.sun.xml.wss.impl.HarnessUtil.processWSSPolicy(HarnessUtil.java:83)
java]at com.sun.xml.wss.impl.HarnessUtil.processDeep(HarnessUtil.java:237)
java]at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:805)
java]at com.sun.xml.wss.impl.SecurityRecipient.processMessagePolicy(SecurityRecipient.java:768)
java]at com.sun.xml.wss.impl.SecurityRecipient.validateMessage(SecurityRecipient.java:235)
java]at com.sun.xml.wss.impl.misc.XWSSProcessor2_0Impl.verifyInboundMessage(XWSSProcessor2_0Impl.java:132)
java]... 1 more
Thank you,
John
